mirror of
https://github.com/tailscale/tailscale.git
synced 2025-01-07 16:17:41 +00:00
185 lines
4.7 KiB
Go
185 lines
4.7 KiB
Go
|
// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
|
||
|
// Use of this source code is governed by a BSD-style
|
||
|
// license that can be found in the LICENSE file.
|
||
|
|
||
|
// Package deb extracts metadata from Debian packages.
|
||
|
package deb
|
||
|
|
||
|
import (
|
||
|
"archive/tar"
|
||
|
"bufio"
|
||
|
"bytes"
|
||
|
"compress/gzip"
|
||
|
"crypto/md5"
|
||
|
"crypto/sha1"
|
||
|
"crypto/sha256"
|
||
|
"errors"
|
||
|
"fmt"
|
||
|
"io"
|
||
|
"io/ioutil"
|
||
|
"os"
|
||
|
"path/filepath"
|
||
|
"strconv"
|
||
|
"strings"
|
||
|
)
|
||
|
|
||
|
// Info is the Debian package metadata needed to integrate the package
|
||
|
// into a repository.
|
||
|
type Info struct {
|
||
|
// Version is the version of the package, as reported by dpkg.
|
||
|
Version string
|
||
|
// Arch is the Debian CPU architecture the package is for.
|
||
|
Arch string
|
||
|
// Control is the entire contents of the package's control file,
|
||
|
// with leading and trailing whitespace removed.
|
||
|
Control []byte
|
||
|
// MD5 is the MD5 hash of the package file.
|
||
|
MD5 []byte
|
||
|
// SHA1 is the SHA1 hash of the package file.
|
||
|
SHA1 []byte
|
||
|
// SHA256 is the SHA256 hash of the package file.
|
||
|
SHA256 []byte
|
||
|
}
|
||
|
|
||
|
// ReadFile returns Debian package metadata from the .deb file at path.
|
||
|
func ReadFile(path string) (*Info, error) {
|
||
|
f, err := os.Open(path)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return Read(f)
|
||
|
}
|
||
|
|
||
|
// Read returns Debian package metadata from the .deb file in r.
|
||
|
func Read(r io.Reader) (*Info, error) {
|
||
|
b := bufio.NewReader(r)
|
||
|
|
||
|
m5, s1, s256 := md5.New(), sha1.New(), sha256.New()
|
||
|
summers := io.MultiWriter(m5, s1, s256)
|
||
|
r = io.TeeReader(b, summers)
|
||
|
|
||
|
t, err := findControlTar(r)
|
||
|
if err != nil {
|
||
|
return nil, fmt.Errorf("searching for control.tar.gz: %w", err)
|
||
|
}
|
||
|
|
||
|
control, err := findControlFile(t)
|
||
|
if err != nil {
|
||
|
return nil, fmt.Errorf("searching for control file in control.tar.gz: %w", err)
|
||
|
}
|
||
|
|
||
|
arch, version, err := findArchAndVersion(control)
|
||
|
if err != nil {
|
||
|
return nil, fmt.Errorf("extracting version and architecture from control file: %w", err)
|
||
|
}
|
||
|
|
||
|
// Exhaust the remainder of r, so that the summers see the entire file.
|
||
|
if _, err := io.Copy(ioutil.Discard, r); err != nil {
|
||
|
return nil, fmt.Errorf("hashing file: %w", err)
|
||
|
}
|
||
|
|
||
|
return &Info{
|
||
|
Version: version,
|
||
|
Arch: arch,
|
||
|
Control: control,
|
||
|
MD5: m5.Sum(nil),
|
||
|
SHA1: s1.Sum(nil),
|
||
|
SHA256: s256.Sum(nil),
|
||
|
}, nil
|
||
|
}
|
||
|
|
||
|
// findControlTar reads r as an `ar` archive, finds a tarball named
|
||
|
// `control.tar.gz` within, and returns a reader for that file.
|
||
|
func findControlTar(r io.Reader) (tarReader io.Reader, err error) {
|
||
|
var magic [8]byte
|
||
|
if _, err := io.ReadFull(r, magic[:]); err != nil {
|
||
|
return nil, fmt.Errorf("reading ar magic: %w", err)
|
||
|
}
|
||
|
if string(magic[:]) != "!<arch>\n" {
|
||
|
return nil, fmt.Errorf("not an ar file (bad magic %q)", magic)
|
||
|
}
|
||
|
|
||
|
for {
|
||
|
var hdr [60]byte
|
||
|
if _, err := io.ReadFull(r, hdr[:]); err != nil {
|
||
|
return nil, fmt.Errorf("reading file header: %w", err)
|
||
|
}
|
||
|
filename := strings.TrimSpace(string(hdr[:16]))
|
||
|
size, err := strconv.ParseInt(strings.TrimSpace(string(hdr[48:58])), 10, 64)
|
||
|
if err != nil {
|
||
|
return nil, fmt.Errorf("reading size of file %q: %w", filename, err)
|
||
|
}
|
||
|
if filename == "control.tar.gz" {
|
||
|
return io.LimitReader(r, size), nil
|
||
|
}
|
||
|
|
||
|
// files in ar are padded out to 2 bytes.
|
||
|
if size%2 == 1 {
|
||
|
size++
|
||
|
}
|
||
|
if _, err := io.CopyN(ioutil.Discard, r, size); err != nil {
|
||
|
return nil, fmt.Errorf("seeking past file %q: %w", filename, err)
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// findControlFile reads r as a tar.gz archive, finds a file named
|
||
|
// `control` within, and returns its contents.
|
||
|
func findControlFile(r io.Reader) (control []byte, err error) {
|
||
|
gz, err := gzip.NewReader(r)
|
||
|
if err != nil {
|
||
|
return nil, fmt.Errorf("decompressing control.tar.gz: %w", err)
|
||
|
}
|
||
|
defer gz.Close()
|
||
|
|
||
|
tr := tar.NewReader(gz)
|
||
|
for {
|
||
|
hdr, err := tr.Next()
|
||
|
if err != nil {
|
||
|
if errors.Is(err, io.EOF) {
|
||
|
return nil, errors.New("EOF while looking for control file in control.tar.gz")
|
||
|
}
|
||
|
return nil, fmt.Errorf("reading tar header: %w", err)
|
||
|
}
|
||
|
|
||
|
if filepath.Clean(hdr.Name) != "control" {
|
||
|
continue
|
||
|
}
|
||
|
|
||
|
// Found control file
|
||
|
break
|
||
|
}
|
||
|
|
||
|
bs, err := ioutil.ReadAll(tr)
|
||
|
if err != nil {
|
||
|
return nil, fmt.Errorf("reading control file: %w", err)
|
||
|
}
|
||
|
|
||
|
return bytes.TrimSpace(bs), nil
|
||
|
}
|
||
|
|
||
|
var (
|
||
|
archKey = []byte("Architecture:")
|
||
|
versionKey = []byte("Version:")
|
||
|
)
|
||
|
|
||
|
// findArchAndVersion extracts the architecture and version strings
|
||
|
// from the given control file.
|
||
|
func findArchAndVersion(control []byte) (arch string, version string, err error) {
|
||
|
b := bytes.NewBuffer(control)
|
||
|
for {
|
||
|
l, err := b.ReadBytes('\n')
|
||
|
if err != nil {
|
||
|
return "", "", err
|
||
|
}
|
||
|
if bytes.HasPrefix(l, archKey) {
|
||
|
arch = string(bytes.TrimSpace(l[len(archKey):]))
|
||
|
} else if bytes.HasPrefix(l, versionKey) {
|
||
|
version = string(bytes.TrimSpace(l[len(versionKey):]))
|
||
|
}
|
||
|
if arch != "" && version != "" {
|
||
|
return arch, version, nil
|
||
|
}
|
||
|
}
|
||
|
}
|